Fix management-external-cert option parsing error

 - Allow --management-external-cert as an alternative to --cert
 - Also make sure --cert and --management-external-cert are not
   both specified, and clarify in the man page that the latter
   must be used with --management-external-key.

Signed-off-by: Selva Nair <selva.nair@gmail.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1466132093-1178-1-git-send-email-selva.nair@gmail.com>
URL: http://article.gmane.org/gmane.network.openvpn.devel/11929
Signed-off-by: Gert Doering <gert@greenie.muc.de>

diff --git a/doc/openvpn.8 b/doc/openvpn.8
index c2169cf9d8526d9c4d0f8b9fc446b64f5d4cacd9..ac8036ffb7da895a823f7df817fc8c882de845cc 100644 (file)
--- a/doc/openvpn.8
+++ b/doc/openvpn.8
@@ -2650,6 +2650,7 @@ option (client-only).
 .B certificate-hint
 is an arbitrary string which is passed to a management
 interface client as an argument of NEED-CERTIFICATE notification.
+Requires \-\-management\-external\-key.
 .\"*********************************************************
 .TP
 .B \-\-management\-forget\-disconnect

diff --git a/src/openvpn/options.c b/src/openvpn/options.c
index c6477932d2fcd5b6d1e3fca39ae2c09c6f350fa6..3adeb155fe2cd3e0fe07dc2a32446c067b4c1abd 100644 (file)
--- a/src/openvpn/options.c
+++ b/src/openvpn/options.c
@@ -2263,6 +2263,13 @@ options_postprocess_verify_ce (const struct options *options, const struct conne
           {
                 msg (M_USAGE, "--key and --management-external-key are mutually exclusive");
           }
+        else if((options->management_flags & MF_EXTERNAL_CERT))
+          {
+                if (options->cert_file)
+                  msg (M_USAGE, "--cert and --management-external-cert are mutually exclusive");
+                else if(!(options->management_flags & MF_EXTERNAL_KEY))
+                  msg (M_USAGE, "--management-external-cert must be used with --management-external-key");
+          }
         else
 #endif
 #ifdef ENABLE_CRYPTOAPI
@@ -2318,14 +2325,14 @@ options_postprocess_verify_ce (const struct options *options, const struct conne
          if (pull)
            {
 
-             const int sum = (options->cert_file != NULL) +
+             const int sum =
 #ifdef MANAGMENT_EXTERNAL_KEY
-                       ((options->priv_key_file != NULL) || (options->management_flags & MF_EXTERNAL_KEY));
+               ((options->cert_file != NULL) || (options->management_flags & MF_EXTERNAL_CERT))    +
+               ((options->priv_key_file != NULL) || (options->management_flags & MF_EXTERNAL_KEY));
 #else
-                   (options->priv_key_file != NULL);
+               (options->cert_file != NULL) + (options->priv_key_file != NULL);
 #endif
 
-
              if (sum == 0)
                {
 #if P2MP